Exploiting Small-Norm Polynomial Multiplication with Physical Attacks

Application to CRYSTALS-Dilithium


  • Olivier Bronchain NXP Semiconductors, Eindhoven, Netherlands
  • Melissa Azouaoui NXP Semiconductors, Eindhoven, Netherlands
  • Mohamed ElGhamrawy NXP Semiconductors, Eindhoven, Netherlands
  • Joost Renes NXP Semiconductors, Eindhoven, Netherlands
  • Tobias Schneider NXP Semiconductors, Eindhoven, Netherlands

Lattice-based Cryptography, Post-Quantum Cryptography, Side-Channel Attacks, Fault Attacks, CRYSTALS-Dilithium


We present a set of physical profiled attacks against CRYSTALS-Dilithium that accumulate noisy knowledge on the secret key over multiple signatures and finally lead to a full key recovery attack. The methodology is composed of two steps. The first step consists of observing or inserting a bias in the posterior distribution of sensitive variables. The second step is an information-processing phase, based on belief propagation, that effectively exploits that bias. The proposed concrete attacks rely on side-channel information, induced faults, or a combination of the two. Interestingly, the adversary benefits most from this knowledge when targeting the released signatures; however, the latter are not strictly necessary. We show that the combination of a physical attack with the binary knowledge of whether a signature was accepted or rejected also leads to exploitable information on the secret key. Finally, we demonstrate that this approach is also effective against shuffled implementations of CRYSTALS-Dilithium.
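To make the two-step methodology of the abstract concrete, the following is an added toy example; it is not the authors' code and does not reproduce the paper's parameters, leakage model, or factor graph. It assumes a shrunken Dilithium-like ring Z[X]/(X^N + 1) with N = 8, a secret s with coefficients in [-2, 2], a challenge c with three coefficients in {-1, +1}, and a hypothetical profiled leakage that returns each coefficient of the small-norm product w = c*s plus Gaussian noise (the "observed bias" of step one; inserted faults, the acceptance/rejection oracle and shuffling are not modelled). Step two is loopy belief propagation over the linear relation w[k] = sum(sign * s[j]), which accumulates the per-signature posteriors into a posterior on every secret coefficient:

```python
"""Added toy illustration (not the paper's code): belief-propagation recovery
of a small-norm secret s from noisy leakage on the product w = c*s, accumulated
over many signatures.  Parameters and the leakage model are assumptions."""
import itertools
import math
import random

N = 8        # toy ring degree (Dilithium uses 256)
ETA = 2      # secret coefficients lie in [-ETA, ETA]
TAU = 3      # nonzero (+-1) challenge coefficients (Dilithium: 39 to 60)
SIGMA = 0.7  # assumed noise standard deviation of the profiled leakage
SECRET_VALUES = list(range(-ETA, ETA + 1))

def negacyclic_mul(c, s):
    """Schoolbook product in Z[X]/(X^N + 1): X^N wraps around as -1."""
    w = [0] * N
    for i, ci in enumerate(c):
        if ci == 0:
            continue
        for j, sj in enumerate(s):
            if i + j < N:
                w[i + j] += ci * sj
            else:
                w[i + j - N] -= ci * sj
    return w

def product_terms(c, k):
    """Return [(j, sign)] such that w[k] == sum(sign * s[j]) for w = c*s."""
    return [((k - i) % N, ci if k >= i else -ci) for i, ci in enumerate(c) if ci]

def sample_challenge(rng):
    c = [0] * N
    for idx in rng.sample(range(N), TAU):
        c[idx] = rng.choice((-1, 1))
    return c

def simulate_leakage(rng, w):
    """Constructed leakage: assumed profiled model yields w[k] plus Gaussian noise."""
    return [wk + rng.gauss(0.0, SIGMA) for wk in w]

def log_likelihood(obs, value):
    return -((obs - value) ** 2) / (2.0 * SIGMA * SIGMA)

def logsumexp(xs):
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))

def normalize(msg):
    z = logsumexp(msg)
    for a in range(len(msg)):
        msg[a] -= z

def recover_secret(observations, iterations=10):
    """Loopy sum-product BP; observations = [(challenge, leakage per coefficient)]."""
    factors = [(product_terms(c, k), leak[k]) for c, leak in observations for k in range(N)]
    nv = len(SECRET_VALUES)
    m_vf = [[[0.0] * nv for _ in terms] for terms, _ in factors]  # variable->factor, log domain
    m_fv = [[[0.0] * nv for _ in terms] for terms, _ in factors]  # factor->variable, log domain
    beliefs = [[0.0] * nv for _ in range(N)]
    for _ in range(iterations):
        for f, (terms, obs) in enumerate(factors):
            for t, (_, sg_t) in enumerate(terms):
                others = [u for u in range(len(terms)) if u != t]
                for a, v_t in enumerate(SECRET_VALUES):
                    logs = []
                    # marginalise the other slots of this factor under the leakage likelihood
                    for combo in itertools.product(range(nv), repeat=len(others)):
                        total, lw = sg_t * v_t, 0.0
                        for u, b in zip(others, combo):
                            total += terms[u][1] * SECRET_VALUES[b]
                            lw += m_vf[f][u][b]
                        logs.append(lw + log_likelihood(obs, total))
                    m_fv[f][t][a] = logsumexp(logs)
                normalize(m_fv[f][t])
        beliefs = [[0.0] * nv for _ in range(N)]  # uniform prior on [-ETA, ETA]
        for f, (terms, _) in enumerate(factors):
            for t, (j, _) in enumerate(terms):
                for a in range(nv):
                    beliefs[j][a] += m_fv[f][t][a]
        for f, (terms, _) in enumerate(factors):
            for t, (j, _) in enumerate(terms):
                for a in range(nv):
                    m_vf[f][t][a] = beliefs[j][a] - m_fv[f][t][a]
                normalize(m_vf[f][t])
    for b in beliefs:
        normalize(b)
    posterior = [[math.exp(x) for x in b] for b in beliefs]
    recovered = [SECRET_VALUES[max(range(nv), key=p.__getitem__)] for p in posterior]
    return recovered, posterior

def run_demo(seed=1, num_signatures=50, iterations=10):
    """Constructed scenario: fixed secret, many signatures, one noisy trace each."""
    rng = random.Random(seed)
    secret = [rng.randint(-ETA, ETA) for _ in range(N)]
    observations = []
    for _ in range(num_signatures):
        c = sample_challenge(rng)       # public: part of the released signature
        w = negacyclic_mul(c, secret)   # sensitive small-norm product
        observations.append((c, simulate_leakage(rng, w)))
    recovered, posterior = recover_secret(observations, iterations)
    return secret, recovered, posterior
```

`run_demo()` returns the constructed secret, the belief-propagation estimate and the per-coefficient posterior; a single factor alone barely separates neighbouring values of s[j] because the other two terms can compensate, which is why the accumulation across signatures and the message passing between coefficients are what make the recovery work.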

How to Cite

Bronchain, O., Azouaoui, M., ElGhamrawy, M., Renes, J., & Schneider, T. (2024). Exploiting Small-Norm Polynomial Multiplication with Physical Attacks: Application to CRYSTALS-Dilithium. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(2), 359-383. https://doi.org/10.46586/tches.v2024.i2.359-383